Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.
Technical ContextAI
The vulnerability exists in the /goform/qosClassifier endpoint of D-Link DIR-816 (CPE: cpe:2.3:o:d-link:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*), a consumer-grade wireless router. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The qosClassifier function fails to properly validate the length of user-supplied input in the dip_address and sip_address parameters before copying them into fixed-size stack buffers. This lack of bounds checking allows attackers to overflow the stack, potentially overwriting saved return addresses and other critical data structures. The affected endpoint is accessible without authentication due to missing access control checks (contributing to CVSS AV:N/AC:L/PR:N), making this a particularly severe implementation flaw typical of legacy embedded device firmware.
RemediationAI
Immediate remediation options are severely limited due to end-of-life status: (1) Hardware replacement: Discontinue use of DIR-816 equipment and migrate to current-generation D-Link routers with active security support; (2) Network isolation: If immediate replacement is not feasible, isolate affected DIR-816 devices to restricted network segments with strict ingress/egress filtering, preventing internet-facing exposure; (3) Access control: Implement network-level access controls (firewall rules, ACLs) to block unauthorized access to the /goform/qosClassifier endpoint on port 80/443; (4) Monitoring: Deploy network intrusion detection signatures to monitor for exploitation attempts targeting this endpoint; (5) No patch available: D-Link will not release firmware patches for this end-of-life product. Firmware upgrades to newer DIR-816 versions (if available) should be evaluated but are not guaranteed to address this vulnerability without vendor confirmation. Do NOT rely on workarounds as a long-term solution—replacement is the only permanent fix.
More in Dir 816 Firmware
View allAn issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 pa
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via sy
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/fo
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSet
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecur
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/f
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity func
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/fo
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagn
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16940